On Thu, 25 Jan 2007 07:22:41 Matthias Scheler wrote:
>  
>  On Wed, Jan 24, 2007 at 10:00:50AM -0800, Paul Newhouse wrote:
>  >   pass in  proto tcp from $dsl_if to $dsl_net port 25 keep state
>  >   pass out log on $ext_if route-to $dsl_if proto { tcp udp icmp } from \
>  >          {$dsl_net} to any
>  > 
>  > The above trap the messages going out on the wrong interface BUT, then they
>  > disappear.
>  
>  It's not that easy. You also need to NAT accordingly. It doesn't help
>  to route stuff to the other interface if it uses the wrong IP address.

The packets that try to go out ext_if have a src address of dsl_if.
All the NAT'g seems to have been handled.

Postfix processing seems to scrub the state info so the packets try to go to 
the default route which is ext_if.

Paul